
Exploit.html.execod.a, Exploit.adodb.stream.ak Infection



#1 JohannesCyrus

JohannesCyrus

  • Members
  • 2 posts
  • Local time:02:28 AM

Posted 27 January 2007 - 08:51 AM

Hello, I am Johannes.
I found some infections in my log when I scanned the last time with my Bitdefender. Unfortunately, I was not able to remove it, and since I broke the computer of my girlfriend in a similar situation, I am kind of scared to do anything without direct instructions.

I have Windows XP SP 2.

My BD 10 log is as follows:


//-----------------------------------------------------------------
//
// ProductBitDefender Internet Security v10
// Product10.0
//
// Created on: 27/01/2007 20:16:33
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
Folders : 3982
Files : 377548
Memory processes scanned : 24
Archives : 9440
Runtime packers : 42739
Identified viruses : 2
Infected files : 6
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 6
I/O errors : 36
Scan time : 01:12:37
Scan speed (files/sec) : 86

Spyware Statistics

Registry keys scanned : 1844
Registry keys infected : 0
Cookies scanned : 0
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 26337
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bitdefender\Desktop\Profiles\Logs\deep_scan\1169900193.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\CC050EBEd01 Infected: Exploit.ADODB.Stream.AK
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\CC050EBEd01 Disinfection failed
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\CC050EBEd01 Moved
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\DCC050B5d01 Infected: Exploit.ADODB.Stream.AK
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\DCC050B5d01 Disinfection failed
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\DCC050B5d01 Moved
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\DCC05066d01 Infected: Exploit.ADODB.Stream.AK
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\DCC05066d01 Disinfection failed
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\DCC05066d01 Moved
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\747FCDCAd01 Infected: Exploit.HTML.Execod.A
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\747FCDCAd01 Disinfection failed
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\747FCDCAd01 Moved
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\747FD1AAd01 Infected: Exploit.HTML.Execod.A
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\747FD1AAd01 Disinfection failed
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\747FD1AAd01 Moved
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\747FDC9Ad01 Infected: Exploit.HTML.Execod.A
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\747FDC9Ad01 Disinfection failed
C:\Dokumente und Einstellungen\Johannes\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\95c4e2pz.default\Cache.Trash\Trash\Cache\747FDC9Ad01 Moved



I would be very pleased if someone could help me on this one, since I am not even sure what exactly this infection is causing.

Thank you.
Johannes.
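
One way to triage the "Summary:" section of a scan log laid out like the one in the post above: group the lines per file and list files that were detected but never moved to quarantine. This is an added example, not part of the original post or of BitDefender's tooling; the sample lines, paths and the `Constructed.Sample.A` name are constructed, and only the three event strings visible in the log are handled.

```python
import re

# Constructed sample in the layout of the log's "Summary:" section:
# one line per event, "<path> <event>", where paths may contain spaces.
SAMPLE = r"""
C:\Docs\Local Settings\Mozilla\Firefox\Profiles\p.default\Cache.Trash\Trash\Cache\AAAA0001d01 Infected: Exploit.ADODB.Stream.AK
C:\Docs\Local Settings\Mozilla\Firefox\Profiles\p.default\Cache.Trash\Trash\Cache\AAAA0001d01 Disinfection failed
C:\Docs\Local Settings\Mozilla\Firefox\Profiles\p.default\Cache.Trash\Trash\Cache\AAAA0001d01 Moved
C:\Docs\Local Settings\Mozilla\Firefox\Profiles\p.default\Cache\BBBB0002d01 Infected: Exploit.HTML.Execod.A
C:\Docs\Local Settings\Mozilla\Firefox\Profiles\p.default\Cache\BBBB0002d01 Disinfection failed
C:\Docs\Local Settings\Mozilla\Firefox\Profiles\p.default\Cache\BBBB0002d01 Moved
C:\Program Files\Demo App\helper.dll Infected: Constructed.Sample.A
C:\Program Files\Demo App\helper.dll Disinfection failed
"""

EVENT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<event>Infected: (?P<name>\S+)|Disinfection failed|Moved)\s*$"
)

def parse_summary(text):
    """Group summary lines by file: detection name plus ordered events."""
    files = {}
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # statistics, option checkboxes, blank lines
        rec = files.setdefault(m["path"], {"detection": None, "events": []})
        if m["name"]:
            rec["detection"] = m["name"]
            rec["events"].append("Infected")
        else:
            rec["events"].append(m["event"])
    return files

def triage(files):
    """Per file: was it quarantined, and does it sit under a cache folder?"""
    rows = []
    for path, rec in files.items():
        folders = path.lower().split("\\")[:-1]
        rows.append({"path": path, "detection": rec["detection"],
                     "quarantined": "Moved" in rec["events"],
                     "in_cache_dir": any(f.startswith("cache") for f in folders)})
    return rows

def needs_follow_up(rows):
    """Files that were detected but never moved to quarantine."""
    return [r["path"] for r in rows if not r["quarantined"]]
```
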



#2 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:07:28 PM

Posted 27 January 2007 - 09:03 AM

Hi Johannes and welcome to BC

First of all

* Clean your Cache and Cookies in IE:
  * Close all instances of Outlook Express and Internet Explorer.
  * Go to Control Panel > Internet Options > General tab.
  * Under Browsing History, click "Delete".
  * Click "Delete Files", "Delete cookies" and "Delete history".
  * Click Close below.

* Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
  * Go to Tools > Options.
  * Click Privacy in the menu.
  * Click the Clear now button below. A new window will pop up asking what to clear.
  * Select all and click the Clear button again.
  * Click OK to close the Options window.

* Clean other Temporary files + Recycle bin:
  * Go to Start > Run and type: cleanmgr and click OK.
  * Let it scan your system for files to remove.
  * Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  * Press OK to remove them.

Secondly

Download and scan with SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* When done, select "Scan for Harmful Software".
* There are three scanning options. Choose "Perform Complete Scan" and click "Next".
* When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
* Make sure they all have a checkmark next to them and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* Click Preferences and then click the statistics/logs tab.
* Click the dated log and press View log. A text file will appear so you can see the results.
* Select close to exit the program.

After this, rerun the Bitdefender scan to find out whether you are clean. If not, please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. About halfway down are instructions for downloading HijackThis and creating a log.

When you have done that, post a log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

#3 buddy215

buddy215

  • Moderator
  • 13,096 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:28 PM

Posted 27 January 2007 - 09:25 AM

To add to the good advice that Fozzie has given, run the Windows update and install all security updates.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 JohannesCyrus

JohannesCyrus
  • Topic Starter

  • Members
  • 2 posts
  • Local time:02:28 AM

Posted 30 January 2007 - 11:01 AM

Thanks a lot for your help. I haven't had any problems after installing the mentioned software and running it.
Great!
Thanks!!!
Johannes

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,279 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:28 PM

Posted 30 January 2007 - 11:14 AM

If your issues are resolved, then Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




